RE: Privacy implications of automatic alternative selection (Re: Acessibility of <audio> and <video>)

Henri -

I think that you are confusing the concern that some members of this group
(and other W3C groups) have with things that are within the scope of HTML.

The fact is, a server can guess my location within a few miles based solely
on my IP address in many cases. Cookies track your every click. Google can
stick an ad on a Web site I am viewing based on the intersection of the sets
"key words on this page", "words in emails that I read on Gmail" and "things
I searched for 10 months ago". By default, just about every UA out there
that a "typical user" uses is set to allow these things to happen.

But at the same time, they can be turned off.

Thinking about it (note that I am not minimizing the privacy issue here,
just trying to get it scoped properly), here is a proposal:

UAs will be free to disable the automatic querying of these things, and
present the user with a choice when a site needs the information. Of course,
most UAs will turn off the prompting by default, but people with privacy
concerns can set it to "prompt when asked" or "prompt unless I 'trust' this
site" or even "do not allow querying". In fact, a super smart UA may also
build in a system for responding with a variety of answers as "tests"
to see what comes back, and then present to the user the choice of content
to pick from.

Again, if people want privacy at this level, they need to be using an
anonymizer service, or a UA with mechanisms for increasing privacy.

J.Ja

> -----Original Message-----
> From: public-html-request@w3.org [mailto:public-html-request@w3.org] On
> Behalf Of Henri Sivonen
> Sent: Friday, September 12, 2008 5:06 AM
> To: Justin James
> Cc: 'Charles McCathieNevile'; 'HTML WG'; 'W3C WAI-XTECH'; 'Dave Singer'
> Subject: Re: Privacy implications of automatic alternative selection
> (Re: Acessibility of <audio> and <video>)
> 
> 
> First, I should point out that I didn't bring the privacy issue up on
> the telecon but I made a follow-up observation, and I was asked (off-
> telecon) to email the list about it.
> 
> (On the telecon, I said I liked the MQ idea. I'm inclined to think the
> benefits of automatic selection of captioning or audio description
> would outweigh the privacy concern.)
> 
> Also note that there is precedent to considering the privacy issues of
> automatic content alternative selection (and choosing to enable
> automatic selection nonetheless):
> http://tools.ietf.org/html/rfc2616#section-15.1.4
> 
> On Sep 12, 2008, at 06:20, Justin James wrote:
> 
> > I think that this discussion is fairly... pointless. Privacy is not
> > the concern of this group.
> 
> Actually, it is. Consider the discussion about the ping attribute for
> instance.
> 
> > Non-disabled users have privacy concerns all of the time, and if
> > they want privacy, they check the privacy policy. Furthermore, there
> > is already a fairly good mechanism for this in place, the much
> > underutilized P3P system. Finally, for users that are *super*
> > concerned about privacy at the server side there are anonymizers.
> 
> Those are all evidence that the system doesn't address privacy in its
> architecture to a degree satisfactory for everyone.
> 
> > Let's take an emotion-free look at this situation for one moment. If
> > I go to WebMD and do a lot of search on, say, "diabetes", "insulin",
> > etc., it could be inferred that I am quite possibly diabetic. And
> > this isn't even an HTML issue. It's simply a "what requests
> > originated from the same IP?" Why aren't we trying to keep servers
> > from figuring out who is diabetic? Because *it isn't our concern*.
> 
> More to the point, that should have been a concern when HTML and HTTP
> were first designed. And maybe it was, but that particular
> architectural ship has already sailed (and the benefits of the
> architecture probably outweigh the problems).
> 
> Anyway, when you perform a search on WebMD, you communicate diabetes-
> interest-correlated data to WebMD. You are not broadcasting it to
> every site you visit. Likewise, if the user on a site offering video
> manually picks one of multiple alternative versions, that choice is
> communicated to that site only. However, an automatic selection
> mechanism allows any site the user visits to probe the user's settings
> without the user deciding if (s)he wants to share those settings with
> a particular site.
> 
> --
> Henri Sivonen
> hsivonen@iki.fi
> http://hsivonen.iki.fi/
> 

Received on Friday, 12 September 2008 14:50:55 UTC